
SoylentNews is people

posted by martyb on Thursday April 24 2014, @04:50PM

It's often said that "you get what you pay for", but when it comes to free software, this doesn't apply. You often get a lot more. However, you do get what someone pays for. Software development takes time and money, and without substantial donations, sponsorship, etc., a free-software project will be limited to what volunteers can achieve in their own time.

According to an article in Ars Technica, the security software OpenSSL has one full-time employee and receives about $2000 a year in donations. It's therefore not surprising that bugs aren't always caught before they cause problems.

Based on the recent, and serious, "Heartbleed" bug, this state of affairs needs to change and, according to that same article, is about to change. The Linux Foundation is launching the Core Infrastructure Initiative with some decent financial backing. "Amazon Web Services, Cisco, Dell, Facebook, Fujitsu, Google, IBM, Intel, Microsoft, NetApp, Qualcomm, Rackspace, and VMware have all pledged to commit at least $100,000 a year for at least three years".

OpenSSL will not be the only project to receive a share of this money, but it was the inspiration for the initiative and will be the first under consideration. The funding will "not come with strings attached", according to Linux Foundation Executive Director Jim Zemlin.

One could argue it's much cheaper to support something like OpenSSL than to clean up the mess when a small and underfunded team fail to catch important bugs in a timely manner.

Which other projects would be cheaper in the long run (for all concerned) if they received more financial support?

 
  • (Score: 4, Interesting) by omoc on Thursday April 24 2014, @05:14PM

    Seriously, after we've been made aware of their general code quality it won't get better by just putting money into that project. It will just get more bloated and messy. It would be much wiser to give the money to the OpenBSD foundation and their LibreSSL fork and make this mainline everywhere. Those are the capable hands we need.

  • (Score: 0) by Anonymous Coward on Friday April 25 2014, @12:24AM

    Will this LibreSSL fork have immediate support for non-BSD operating systems from day one, or will it be "we support BSD and who cares about the rest of you"? I'd rather they clean up what we already have, like they did with XFree86.

    • (Score: 0) by Anonymous Coward on Friday April 25 2014, @05:47AM

      You still have your POSIX layer, which should run on Linux and Windows alike.